The Dark Web: One Thing Always Leads to Many, Many Others

Just after the Paris attacks and the subsequent manhunt that ensued, Wired’s Kim Zetter wrote a very good piece centered around ISIS OPSEC and French law enforcement’s use of intelligence.

One of the more interesting details from the piece had to do with how French police collected vital intelligence - including the ultimate location where the terrorist masterminds behind the attacks were hiding - from a single discarded cell phone left at one of the crime scenes.

In the end, it was a vital source of information that lead French authorities to head off additional follow-on violence planned by the extremists.

It seems that amidst the chaos of that tragedy and what had to have been thousands of pieces of evidence, the focus on diligent intelligence methods and attention to every detail no matter how small yielded big, life-saving results.

One small thing set in motion a chain of events that, in this case, prevented still more heinous crimes from being committed by criminals intent on doing harm.

Can you imagine what would have happened without their sound intelligence work?

For all the big budget, state-sponsored networks and technical wizardry employed by countries around the globe today, a big win came down to practical intelligence.

In cybersecurity, things are never really life or death (at least not yet, anyway). In fact, against the backdrop of terrorist attacks like the ones in Paris, the hidden world of 1s and 0s seems completely trivial in the truest sense of the word.

That said, cybercrime is beginning to really impact the lives of individuals and businesses in increasingly harmful ways. In fact, the illicit market that is the Dark Web now trades in all manner of cybercrime exploits that can certainly do harm:

• Hacking for Hire

• General and Specific Cyber Exploits for Sale

• Vulnerabilities for Sale

• Stolen Intellectual Property, Designs and Counterfeits

• Spam and Phishing Campaigns for Hire

• Doxxing and Investigation for Hire

• Hacktivist (and other) Targeting Forums

• Insider Threat for Hire

Even more disconcerting is the lack of commitment to cyber intelligence activities in most businesses. Leaving areas such as the Dark Web “dark” for evidence of cybercrime vulnerability allows single, seemingly insignificant issues to escape detection and turn very quickly into many more harmful exploits that hit at the companies themselves and, increasingly, their individual customers.

Don’t fully understand how this is so? Let’s look at just one example scenario.

In my day job analyzing cyber threat data for many types of customers such as small bank and credit union clients, we are regularly able to use the Dark Web to determine when there’s been a data breach of credit card numbers and associated customer information. In fact, tens of thousands of new numbers show up every day for sale on the black market. The credit card numbers by themselves are bad enough, but it gets much worse.

These dumps of data go on sale each and every day organized by the banking target name and originating from cybercriminals using Point-of-Sale malware, ATM skimmers, and good ole fashioned network intrusions.

Of course, other cybercriminals buy these sets of data and sometimes use them for quick financial gain. But it’s what they’re able to use this info for apart from, say, fraudulent transactions that’s multiplying the impact for affected businesses and their consumers.

These days, cybercriminals can take just a single piece of customer data that includes personally identifiable information to stalk or “dox” an individual, building up a kind of personal dossier on a person.

Due to things like social media, eCommerce and our increasingly networked and connected internet lives, it’s a pretty simple task to get from, say, your full name and zip code to a personal or email address and a list of all the places you buy things, post reviews or meet other people online.

From there, criminals can target each customer with very real-looking LinkedIn or Amazon email phishes for example, then quickly grab banking, personal and work email passwords. Once they have those, they can really dig in and being gathering intelligence of their own on a person’s co-workers, trade secrets, intellectual property, financial accounts and much, much more.

As well, “big harvest” follow-on phishing campaigns spoofed from untraceable domains obtained via the Dark Web or originating out of compromised email accounts aimed at more employees, customers and partners leads to things like wire fraud, more hacked accounts, monetized access and a whole dirty laundry list of more exploits.

Don’t believe it?

Just recently, access to a single customer’s email account was used to re-direct a wire transfer for a real estate settlement in the amount of hundreds of thousands of dollars into another compromised account where it was quickly swept away into the untraceable circuitry of the Dark Web.

All from one bit of information.

It’s all cyber criminals need to pull off a whole string of lucrative crimes (or sell the info directly to others who really want exploit you or your company) that can cost you millions, damage your brand and reputation or, nowadays, get you sued in a class action or taken to court by government organizations like the FTC.

The worst part? Due to an almost complete lack of cyber threat intelligence functions across industry, 99.9% of all of these affected businesses have no clue their information, such as “full” credit card profiles of their customers, is even out there in the first place.

Jason Polancich founder and Chief Architect at SurfWatch Labs. He is a serial entrepreneur focused on solving complex internet security and cyber-defense problems. Prior to founding SurfWatch Labs, Mr. Polancich co-founded Novii Design which was sold to Six3 Systems in 2010. In addition to completing numerous professional engineering and certification programs through the National Cryptologic School, Polancich is a graduate of the University of Alabama, with degrees in English, Political Science and Russian. He is a distinguished graduate of the Defense Language Institute (Arabic) and has completed foreign study programs through Boston University in St. Petersburg, Russia.